Message-Id: <201103281555.p2SFtGIj078208@red.freebsd.org>
Date: Mon, 28 Mar 2011 15:55:16 GMT
From: Chunping Ruan
To: freebsd-gnats-submit@FreeBSD.org
Subject: usb/156000: rum(4) Fatal trap 18: integer divide fault while in kernel mode
List-Id: FreeBSD support for USB

>Number:         156000
>Category:       usb
>Synopsis:       rum(4) Fatal trap 18: integer divide fault while in kernel mode
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-usb
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 28 16:00:19 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Chunping Ruan
>Release:        8.2-RELEASE i386/amd64
>Organization:
>Environment:
FreeBSD test.home.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I have a USB wireless NIC (TP-LINK TL-WN321G+), set up as my hostap.

dmesg|grep rum
rum0: on usbus0
rum0: MAC/BBP RT2573 (rev 0x2573a), RF RT2528

ifconfig
em0: flags=8843 metric 0 mtu 1500
        options=9b
        ether 08:00:27:d7:1e:31
        inet 192.168.1.220 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=3
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3
rum0: flags=8843 metric 0 mtu 2290
        ether 00:1d:0f:07:9b:28
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: running
wlan0: flags=8943 metric 0 mtu 1500
        ether 00:1d:0f:07:9b:28
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: running
        ssid mptest channel 6 (2437 MHz 11g) bssid 00:1d:0f:07:9b:28
        regdomain ROW country CN authmode WPA2/802.11i privacy MIXED
        deftxkey 2 AES-CCM 2:128-bit txpower 30 scanvalid 60 protmode CTS
        dtimperiod 1 -dfs
bridge0: flags=8843 metric 0 mtu 1500
        ether 3e:cc:4a:2e:67:65
        inet 192.168.77.1 netmask 0xffffff00 broadcast 192.168.77.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: wlan0 flags=143
                ifmaxaddr 0 port 4 priority 128 path cost 370370

arp -an
? (192.168.77.100) at 00:21:fe:3e:0a:6b on bridge0 expires in 1199 seconds [bridge]
? (192.168.77.1) at 3e:cc:4a:2e:67:65 on bridge0 permanent [bridge]
? (192.168.1.77) at e0:05:c5:22:61:fc on em0 expires in 1199 seconds [ethernet]
? (192.168.1.100) at 00:07:e9:a8:1e:f4 on em0 expires in 1153 seconds [ethernet]
? (192.168.1.220) at 08:00:27:d7:1e:31 on em0 permanent [ethernet]

sudo arping -i wlan0 -b -S 192.168.77.100 -s 00:21:fe:3e:0a:6b -t 00:1d:0f:07:9b:28 192.168.77.1

* 00:1d:0f:07:9b:28 is the rum0/wlan0's MAC

Then the system panics and reboots.

* Why do I run such an arping?
It seems that the bridged wlan0 can't reply with ARP reply packets.

tcpdump -i wlan0
18:02:08.877494 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28
18:02:15.260227 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28
18:02:15.260245 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28
18:02:16.261477 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28
18:02:16.261495 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28

and,

tcpdump -i bridge0
18:02:15.260258 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28
18:02:15.260281 72:5f:7d:8a:55:34 > a4:ed:4e:74:e4:30, ethertype ARP (0x0806), length 42: Reply 192.168.77.1 is-at 72:5f:7d:8a:55:34, length 28
18:02:16.261508 a4:ed:4e:74:e4:30 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.77.1 tell 192.168.77.100, length 28
18:02:16.261521 72:5f:7d:8a:55:34 > a4:ed:4e:74:e4:30, ethertype ARP (0x0806), length 42: Reply 192.168.77.1 is-at 72:5f:7d:8a:55:34, length 28

You see, bridge0 sends the ARP reply, but wlan0 does not send it.

The ARP request packets are sent by my Android mobile phone; it can't access any web site because it doesn't know who-has 192.168.77.1, so I use arping to test.

////////////////////////

Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xc07f0b2e
stack pointer           = 0x28:0xc2fd5940
frame pointer           = 0x28:0xc2fd5950
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1360 (arping)
trap number             = 18
panic: integer divide fault
cpuid = 0
KDB: stack backtrace:
#0 0xc08e0d07 at kdb_backtrace+0x47
#1 0xc08b1dc7 at panic+0x117
#2 0xc0be4b43 at trap_fatal+0x323
#3 0xc0be54f2 at trap+0x652
#4 0xc0bcbebc at calltrap+0x6
#5 0xc07f21f9 at rum_start+0x519
#6 0xc09581c2 at if_start+0x12
#7 0xc095c1cb at if_transmit+0x15b
#8 0xc099af82 at ieee80211_start+0x742
#9 0xc09581c2 at if_start+0x12
#10 0xc095c1cb at if_transmit+0x15b
#11 0xc3c4438e at bridge_enqueue+0x2e
#12 0xc3c4468e at bridge_output+0x18e
#13 0xc0961911 at ether_output+0x581
#14 0xc099a5fd at ieee80211_output+0x4d
#15 0xc0953ceb at bpfwrite+0x5cb
#16 0xc083345f at devfs_write_f+0x7f
#17 0xc08f0197 at dofilewrite+0x97
Uptime: 4m23s
Physical memory: 499 MB
Dumping 48 MB: 33 17 1

Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/wlan_xauth.ko...Reading symbols from /boot/kernel/wlan_xauth.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wlan_xauth.ko
Reading symbols from /boot/kernel/if_bridge.ko...Reading symbols from /boot/kernel/if_bridge.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_bridge.ko
Reading symbols from /boot/kernel/bridgestp.ko...Reading symbols from /boot/kernel/bridgestp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/bridgestp.ko
#0  doadump () at pcpu.h:231
231     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:231
#1  0xc08b1b63 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xc08b1e00 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:592
#3  0xc0be4b43 in trap_fatal (frame=0xc2fd5900, eva=0) at /usr/src/sys/i386/i386/trap.c:946
#4  0xc0be54f2 in trap (frame=0xc2fd5900) at /usr/src/sys/i386/i386/trap.c:731
#5  0xc0bcbebc in calltrap () at /usr/src/sys/i386/i386/exception.s:166
#6  0xc07f0b2e in rum_setup_tx_desc (sc=Variable "sc" is not available.
) at /usr/src/sys/dev/usb/wlan/if_rum.c:1018
#7  0xc07f21f9 in rum_start (ifp=0xc37f0c00) at /usr/src/sys/dev/usb/wlan/if_rum.c:1267
#8  0xc09581c2 in if_start (ifp=0xc37f0c00) at /usr/src/sys/net/if.c:3364
#9  0xc095c1cb in if_transmit (ifp=0xc37f0c00, m=0xc335d800) at /usr/src/sys/net/if.c:3376
#10 0xc099af82 in ieee80211_start (ifp=0xc3296000) at /usr/src/sys/net80211/ieee80211_output.c:362
#11 0xc09581c2 in if_start (ifp=0xc3296000) at /usr/src/sys/net/if.c:3364
#12 0xc095c1cb in if_transmit (ifp=0xc3296000, m=0xc335d300) at /usr/src/sys/net/if.c:3376
#13 0xc3c4438e in bridge_enqueue (sc=0xc3adfe00, dst_ifp=0xc3296000, m=Variable "m" is not available.
) at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:1787
#14 0xc3c4468e in bridge_output (ifp=0xc3296000, m=0xc335d300, sa=0x0, rt=0x0) at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:1928
#15 0xc0961911 in ether_output (ifp=0xc3296000, m=0xc335d300, dst=0xc2fd5b64, ro=0x0) at /usr/src/sys/net/if_ethersubr.c:394
#16 0xc099a5fd in ieee80211_output (ifp=0xc3296000, m=0xc335d300, dst=0xc2fd5b64, ro=0x0) at /usr/src/sys/net80211/ieee80211_output.c:406
#17 0xc0953ceb in bpfwrite (dev=0xc31b8400, uio=0xc2fd5c28, ioflag=0) at /usr/src/sys/net/bpf.c:939
#18 0xc083345f in devfs_write_f (fp=0xc380d380, uio=0xc2fd5c28, cred=0xc317e700, flags=0, td=0xc3c252d0) at /usr/src/sys/fs/devfs/devfs_vnops.c:1528
#19 0xc08f0197 in dofilewrite (td=0xc3c252d0, fd=3, fp=0xc380d380, auio=0xc2fd5c28, offset=-1, flags=0) at file.h:239
#20 0xc08f0488 in kern_writev (td=0xc3c252d0, fd=3, auio=0xc2fd5c28) at /usr/src/sys/kern/sys_generic.c:447
#21 0xc08f050f in write (td=0xc3c252d0, uap=0xc2fd5cec) at /usr/src/sys/kern/sys_generic.c:363
#22 0xc08eca39 in syscallenter (td=0xc3c252d0, sa=0xc2fd5ce4) at /usr/src/sys/kern/subr_trap.c:315
#23 0xc0be4e14 in syscall (frame=0xc2fd5d28) at /usr/src/sys/i386/i386/trap.c:1061
#24 0xc0bcbf21 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:264
#25 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)
>How-To-Repeat:
ifconfig wlan0 create wlandev rum0 wlanmode hostap
ifconfig wlan0 ssid mptest mode 11g channel 6 country CN
ifconfig bridge0 create addm wlan0
ifconfig bridge0 inet 192.168.77.1 netmask 255.255.255.0 up

# cat /etc/hostapd.conf
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=mptest
country_code=CN
#### WPA2-PSK/AES
wpa=2
wpa_passphrase=mypass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP

/etc/rc.d/hostapd forcestart

# cat /usr/local/etc/dhcpd.conf
option domain-name "home.com";
option domain-name-servers 1.2.3.4, 1.2.3.5;
default-lease-time 172800;
max-lease-time 172800;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.77.0 netmask 255.255.255.0 {
        range 192.168.77.100 192.168.77.200;
        option domain-name-servers 1.2.3.4, 1.2.3.5;
        option domain-name "";
        option routers 192.168.77.1;
        option broadcast-address 192.168.77.255;
        default-lease-time 172800;
        max-lease-time 172800;
}

# /usr/local/etc/rc.d/isc-dhcpd forcerestart

ifconfig bridge0 up

Using my Nokia E71 to access the AP: everything OK!

arp -an
? (192.168.77.100) at 00:21:fe:3e:0a:6b on bridge0 expires in 271 seconds [bridge]
? (192.168.77.1) at 3e:cc:4a:2e:67:65 on bridge0 permanent [bridge]
? (192.168.1.77) at e0:05:c5:22:61:fc on em0 expires in 271 seconds [ethernet]
? (192.168.1.100) at 00:07:e9:a8:1e:f4 on em0 expires in 1199 seconds [ethernet]
? (192.168.1.220) at 08:00:27:d7:1e:31 on em0 permanent [ethernet]

then

# arping -i wlan0 -b -S 192.168.77.100 -s 00:21:fe:3e:0a:6b -t 00:1d:0f:07:9b:28 192.168.77.1

-_- system panic, auto rebooted
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: